CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20682
https://notcve.org/view.php?id=CVE-2021-20682
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. baserCMS versiones anteriores a 4.4.5, permiten a un atacante remoto con privilegios administrativos ejecutar comandos arbitrarios del Sistema Operativo por medio de vectores no especificados. • https://basercms.net/security/JVN64869876 https://jvn.jp/en/jp/JVN64869876/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20681
https://notcve.org/view.php?id=CVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. Una neutralización inapropiada de la entrada de JavaScript en la función page editing de baserCMS versiones anteriores a 4.4.5, permite a atacantes autenticados remotamente inyectar un script arbitrario por medio de vectores no especificados. • https://basercms.net/security/JVN64869876 https://jvn.jp/en/jp/JVN64869876/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15273 – Cross-Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15273
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. baserCMS anterior a la versión 4.4.1 es vulnerable a un ataque de tipo Cross-Site Scripting. • https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1 https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8 https://packagist.org/packages/baserproject/basercms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15276 – Cross Site Scripting in baserCMS
https://notcve.org/view.php?id=CVE-2020-15276
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. baserCMS anterior a la versión 4.4.1, es vulnerable a un ataque de tipo Cross-Site Scripting. Un JavaScript arbitrario puede ser ejecutado ingresando un alias diseñado en los comentarios del blog. • https://basercms.net/security/20201029 https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54 https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2020-15277 – Remote Code Execution in baserCMS
https://notcve.org/view.php?id=CVE-2020-15277
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. baserCMS anterior a la versión 4.4.1 está afectado por una Ejecución de Código Remota (RCE). El código puede ser ejecutado iniciando sesión como un administrador del sistema y cargando un archivo de script ejecutable, como un archivo PHP. • https://basercms.net/security/20201029 https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw • CWE-434: Unrestricted Upload of File with Dangerous Type •